Increase your understanding of the Annex A controls in ISO/IEC 27001:2022 for greater confidence in implementing, managing and auditing an information security management system (ISMS).

This half-day ISO 27001 Annex A training course addresses the complex area of Annex A controls within ISO 27001 through a games-based approach, designed to make learning enjoyable and more effective.

Developed by an industry expert, this highly interactive training course is led by a knowledgeable tutor and ensures that all delegates can take part in the learning process.

The course covers all Annex A themes, with the greatest focus on its technological controls, which are often found to be a weaker area in ISMS auditing.

The course extends the knowledge of those who already have some understanding of ISO 27001. It is suitable for anyone who has already attended, or is planning to attend, an ISO 27001 training course. This may include:

  • internal auditors
  • lead auditors
  • certification body auditors
  • information security management system implementers and freelance consultants who have some knowledge of the basic structure of ISO 27001, and who may be involved in the design and/or auditing of an ISMS
  • managers who need to oversee specific activities within an information security management system (e.g. IT Services, Facilities Management).

The course is suitable for all industries, with the principles applicable to both product and service organisations.

For those who do not yet have knowledge or experience of ISO 27001, we recommend also attending our 1-day Introduction to ISO 27001 training course.

Key topics covered in the course include:

  • an overview of an ISMS based on ISO 27001
  • the PDCA cycle
  • information pathways
  • HR controls
  • cloud computing and data centres
  • facilities management controls
  • network management
  • admin controls
  • event monitoring
  • IT controls
  • bespoke controls

You will receive an Annex A guidance document, which contains all the Annex A controls, as our recommended pre-course reading. Delegates do not have to bring the entire standard to the course and can use this guidance document for reference.

The 4-hour course follows this structure, with exact timings depending on the format of training:

  • 08:45 REGISTRATION
  • 09:00 Welcome and introductions
  • Overview of ISO 27001:2022 (refresher)
  • Game 1 Information pathways
  • Case study brief
  • Game 2 HR controls
  • Game 3 FM controls
  • BREAK
  • Game 4 Admin controls
  • Game 5 IT controls
  • Examples of bespoke controls (not explicit in Annex A)
  • 13:00 CLOSE

Games are interspersed with quizzes and technical sessions.

By the end of the course, delegates will have gained confidence in applying and auditing Annex A controls in their ISMS. This includes a deeper understanding of its technological controls and a clearer view of how the controls interact with one another.